Home loans are the most reported licensee breach: ASIC

Formerly known as breach reporting, the reportable situations regime requires Australian financial services licensees (AFSLs) and Australian credit licensees (ACLs) to submit notifications about reportable situations (previously breach reports) to ASIC via the ASIC Regulatory Portal.

In the second annual report, released yesterday (31 October), ASIC revealed that over the financial year 1 July 2022 to 30 June 2023, the largest volume of reports related to credit (32 per cent), which were primarily about home loan products (20 per cent of total reports).

This was closely followed by general insurance (28 per cent).

Other loan products that were in the top 10 included personal loans (other than motor vehicle loans) – with 3 per cent of reports – business loans (2 per cent of reports) and motor vehicle loans (2 per cent).

The most common issue that led to the self-reporting of breaches related to false or misleading statements – 44 per cent, followed by general licensee obligations – 18 per cent, and lending – 17 per cent.

The top three drivers for each breach identified related to:

• False or misleading statements – Information or warning statements about products or services (39 per cent), statements about fees (4 per cent), advertising and related conduct (1 per cent).
• General licensee obligations – Providing services efficiently, honestly and fairly (8 per cent), other (5 per cent) and claims handling (2 per cent).
• Lending – Responsible lending (12 per cent), hardship (4 per cent) and debt collection (1 per cent).

ASIC also found the primary root cause of reported breaches was staff negligence and/or error (accounting for 66 per cent of breaches).

In total, 16,836 reports were submitted to ASIC during the 2023 financial year, with a 43 per cent increase in the monthly reporting average from the previous period, averaging 1,403 reports per month.

However, ASIC noted that only 9 per cent of the licensee population lodged reports over the period, which it stated was “still much lower than expected and we will be taking stronger measures to achieve enhanced compliance with the regime, including by undertaking a range of surveillance activities and potential enforcement action”.

Moreover, 71 per cent of all reports were lodged by just 21 licensees. These were generally larger licensees.

According to ASIC, 82 per cent of the reports received had impacted customers, either financially or non-financially, with approximately one in five (19 per cent) reports finding a financial loss to customers.

The value of financial losses to customers reported during the period was approximately $448.4 million, which impacted a total of 7.2 million customers.

Thirty per cent of reports involving customer financial loss were only identified off the back of customer complaints.

The data revealed that the time to identify and commence an investigation into the breaches rose in the most recent reporting period. The median time was 55 calendar days (up from 39 in the prior period) and the average was 327 calendar days (down from 396 in the previous period).

Commenting on the report findings, ASIC chair Joseph Longo stated that little improvement had been made in the second year of the regime being in place. ASIC suggested that the proportion of the licensee population reporting remains very low (indicating that some licensees may not be complying with the regime); licensees are still taking too long to identify and investigate some breaches; a significant number of remediation activities are still taking too long to complete and there remain opportunities to improve identification and reporting root causes of breaches.

He said: “The reportable situations regime has now been in place for over two years, and licensees have had ample time to take the necessary steps to ensure full compliance with requirements.

“Since its commencement, ASIC has been working with stakeholders to improve the operation of the reportable situations regime, including through providing guidance and modifications.

“ASIC will now move to taking stronger regulatory action to drive improved compliance with the regime, including enforcement action where appropriate.”

Changes to reportable situations

Last month, ASIC announced that it was tweaking the reportable situations regime off the back of feedback.

As of 20 October, licensees do not have to submit notifications about certain reportable situations if they – among other requirements – are as follows:

• Only impact one person, or if it relates to a financial product, credit product, consumer lease, mortgage or guarantee that is, or is proposed to be, held jointly by more than one person, those persons.
• Did not result, and is unlikely to result in, any financial loss or damage to any person (regardless of whether that loss or damage has been, will be or may be, remediated).
• Did not give rise, and be unlikely to give rise, to any other reportable situation.

Licensees also now have more time to lodge their reports, with the timeline extending from 30 days to 90 days.

[Related: ASIC modifies licensees’ obligations]